
[Solved] Can someone look over the logs?



Hi.

I'm sitting at a PC that belongs to a friend of mine. Can someone look over the logs? Thanks :)

 

MBAM log

 

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Databaseversjon: 4029

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

24.04.2010 12:27:46

mbam-log-2010-04-24 (12-27-46).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 144761

Tid tilbakelagt: 7 minutt(er), 52 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 1

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 6

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (IM.Worm) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

C:\captura.bmp (Malware.Traces) -> Quarantined and deleted successfully.

C:\codigo1.bmp (Malware.Traces) -> Quarantined and deleted successfully.

C:\codigo2.bmp (Malware.Traces) -> Quarantined and deleted successfully.

C:\codigo3.bmp (Malware.Traces) -> Quarantined and deleted successfully.

C:\codigo4.bmp (Malware.Traces) -> Quarantined and deleted successfully.

C:\error.bmp (Malware.Traces) -> Quarantined and deleted successfully.

 

 

 

Combo log

 

 

 

 

 

 

ComboFix 10-04-21.01 - eliven 24.04.2010 13:01:48.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2038.1335 [GMT 2:00]

Kjører fra: c:\documents and settings\eliven.UNETT\Mine dokumenter\Nedlastinger\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Forrige skanning -------

.

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\programfiler\Fast Browser Search

c:\programfiler\Fast Browser Search\IE\1.bat

c:\programfiler\Fast Browser Search\IE\about.html

c:\programfiler\Fast Browser Search\IE\affid.dat

c:\programfiler\Fast Browser Search\IE\basis.xml

c:\programfiler\Fast Browser Search\IE\basis_br.xml

c:\programfiler\Fast Browser Search\IE\basis_de.xml

c:\programfiler\Fast Browser Search\IE\basis_en.xml

c:\programfiler\Fast Browser Search\IE\basis_es.xml

c:\programfiler\Fast Browser Search\IE\basis_fr.xml

c:\programfiler\Fast Browser Search\IE\basis_it.xml

c:\programfiler\Fast Browser Search\IE\basis_nr.xml

c:\programfiler\Fast Browser Search\IE\basis_pt.xml

c:\programfiler\Fast Browser Search\IE\basis_ru.xml

c:\programfiler\Fast Browser Search\IE\basis_tr.xml

c:\programfiler\Fast Browser Search\IE\BHO.dll

c:\programfiler\Fast Browser Search\IE\ClearRecycleBin.exe

c:\programfiler\Fast Browser Search\IE\error.html

c:\programfiler\Fast Browser Search\IE\FBSPlugin.dll

c:\programfiler\Fast Browser Search\IE\fbsProtection.xml

c:\programfiler\Fast Browser Search\IE\FbsSearchProvider.xml

c:\programfiler\Fast Browser Search\IE\FbsSearchProviderIE8.exe

c:\programfiler\Fast Browser Search\IE\FBStoolbar.dll

c:\programfiler\Fast Browser Search\IE\fbstoolbar.jar

c:\programfiler\Fast Browser Search\IE\fbstoolbar.manifest

c:\programfiler\Fast Browser Search\IE\icons.bmp

c:\programfiler\Fast Browser Search\IE\info.txt

c:\programfiler\Fast Browser Search\IE\local.xml

c:\programfiler\Fast Browser Search\IE\logobg.bmp

c:\programfiler\Fast Browser Search\IE\MTWBtoolbar.html

c:\programfiler\Fast Browser Search\IE\search.bmp

c:\programfiler\Fast Browser Search\IE\search_br.bmp

c:\programfiler\Fast Browser Search\IE\search_de.bmp

c:\programfiler\Fast Browser Search\IE\search_es.bmp

c:\programfiler\Fast Browser Search\IE\search_fr.bmp

c:\programfiler\Fast Browser Search\IE\search_it.bmp

c:\programfiler\Fast Browser Search\IE\search_pt.bmp

c:\programfiler\Fast Browser Search\IE\search_ru.bmp

c:\programfiler\Fast Browser Search\IE\SearchAssistant.dll

c:\programfiler\Fast Browser Search\IE\SearchGuardPlus.exe

c:\programfiler\Fast Browser Search\IE\SearchGuardPlus.ico

c:\programfiler\Fast Browser Search\IE\SGPU.ico

c:\programfiler\Fast Browser Search\IE\sgpUpdater.exe

c:\programfiler\Fast Browser Search\IE\sgpUpdater.xml

c:\programfiler\Fast Browser Search\IE\SGPUpdaterS.exe

c:\programfiler\Fast Browser Search\IE\tbhelper.dll

c:\programfiler\Fast Browser Search\IE\tbs_include_script_003175.js

c:\programfiler\Fast Browser Search\IE\tbs_include_script_005064.js

c:\programfiler\Fast Browser Search\IE\tbs_include_script_012817.js

c:\programfiler\Fast Browser Search\IE\Toolbar Help.htm

c:\programfiler\Fast Browser Search\IE\ToolBarBHO.dll

c:\programfiler\Fast Browser Search\IE\uninstall.exe

c:\programfiler\Fast Browser Search\IE\uninstalSGP.exe

c:\programfiler\Fast Browser Search\IE\uninstalSGPU.exe

c:\programfiler\Fast Browser Search\IE\update.exe

c:\programfiler\Fast Browser Search\IE\version.txt

c:\programfiler\SGPSA

c:\programfiler\SGPSA\BHO.dll

c:\programfiler\SGPSA\SearchAssistant.dll

c:\recycler\S-1-5-21-4262935054-2434202923-173283833-500

c:\recycler\S-1-5-21-489248529-1699838375-1845911597-318968

c:\windows\jestertb.dll

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-24 til 2010-04-24 )))))))))))))))))))))))))))))))))

.

 

2010-04-24 10:18 . 2010-04-24 10:18 -------- d-----w- c:\documents and settings\eliven.UNETT\Programdata\Malwarebytes

2010-04-24 10:18 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-24 10:18 . 2010-04-24 10:18 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2010-04-24 10:18 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-24 10:18 . 2010-04-24 10:18 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-04-20 15:11 . 2010-04-20 15:11 242696 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgtdix.sys

2010-04-20 15:10 . 2010-04-20 15:10 1689952 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgupd.dll

2010-04-16 06:21 . 2010-02-12 04:35 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll

2010-04-16 06:21 . 2009-12-24 07:05 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll

2010-04-16 06:21 . 2010-01-13 14:06 86016 -c----w- c:\windows\system32\dllcache\cabview.dll

2010-04-08 09:07 . 2010-04-08 09:07 4255072 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgcorex.dll

2010-04-05 20:14 . 2010-04-05 20:14 4076824 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgui.exe

2010-04-05 20:14 . 2010-04-05 20:14 2059544 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgtray.exe

2010-04-05 20:14 . 2010-04-05 20:14 1598744 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgssie.dll

2010-04-05 20:14 . 2010-04-05 20:14 1515224 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgwd.dll

2010-04-05 20:14 . 2010-04-05 20:14 1274136 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgfrw.exe

2010-04-05 20:14 . 2010-04-05 20:14 598296 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgsrmx.dll

2010-04-05 20:14 . 2010-04-05 20:14 556824 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgchjwx.dll

2010-04-05 20:14 . 2010-04-05 20:14 459544 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgcclix.dll

2010-04-05 20:14 . 2010-04-05 20:14 341272 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgxch32.dll

2010-04-05 20:14 . 2010-04-05 20:14 313112 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avglogx.dll

2010-04-05 20:14 . 2010-04-05 20:14 1086744 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgchsvx.exe

2010-04-05 20:14 . 2010-04-05 20:14 301336 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgchclx.dll

2010-04-05 20:13 . 2010-04-05 20:13 1035032 ----a-w- c:\documents and settings\All Users\Programdata\avg9\update\backup\avgupd.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-24 10:31 . 2009-10-06 21:08 -------- d-----w- c:\documents and settings\eliven.UNETT\Programdata\Skype

2010-04-22 19:10 . 2009-10-04 15:52 -------- d-----w- c:\documents and settings\eliven.UNETT\Programdata\Spotify

2010-04-21 08:05 . 2010-02-09 11:51 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-04-20 19:33 . 2009-08-31 14:10 -------- d-----w- c:\documents and settings\eliven.UNETT\Programdata\LimeWire

2010-04-20 15:10 . 2009-12-13 17:47 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-19 14:47 . 2009-10-06 21:11 -------- d-----w- c:\documents and settings\eliven.UNETT\Programdata\skypePM

2010-03-29 10:38 . 2008-04-09 04:10 81368 ----a-w- c:\windows\system32\perfc014.dat

2010-03-29 10:38 . 2008-04-09 04:10 447564 ----a-w- c:\windows\system32\perfh014.dat

2010-03-21 17:49 . 2009-12-15 21:23 79488 ----a-w- c:\documents and settings\eliven.UNETT\Programdata\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-18 14:38 . 2010-03-18 14:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-18 14:38 . 2009-12-13 17:46 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-18 14:37 . 2009-12-13 17:47 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-11 12:38 . 2008-04-09 04:10 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2008-04-09 04:10 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2008-04-09 04:10 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-09 11:11 . 2008-04-09 04:10 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-24 13:11 . 2008-04-09 04:10 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-24 08:16 . 2009-10-18 17:08 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-16 19:10 . 2004-08-04 00:58 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-16 19:10 . 2004-08-04 00:58 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-12 04:35 . 2008-04-09 04:10 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2008-04-09 04:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programfiler\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

"{5ec1b3d3-5799-460d-ab49-9079669a5d3f}"= "c:\programfiler\softmanoc\tbsof1.dll" [2010-02-15 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

 

[HKEY_CLASSES_ROOT\clsid\{5ec1b3d3-5799-460d-ab49-9079669a5d3f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F6C23D6-854C-497f-9275-439C89CF1F68}]

2008-07-25 10:16 282112 ----a-w- c:\windows\system32\mscoree.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ec1b3d3-5799-460d-ab49-9079669a5d3f}]

2010-02-15 11:31 2349080 ----a-w- c:\programfiler\softmanoc\tbsof1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c14aa221-bae1-45f6-b0b3-90c23f2daa7d}]

2008-12-05 11:35 389120 ----a-w- c:\clue\adxloader.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2009-05-20 12:36 1258808 ----a-w- c:\programfiler\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programfiler\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

"{5ec1b3d3-5799-460d-ab49-9079669a5d3f}"= "c:\programfiler\softmanoc\tbsof1.dll" [2010-02-15 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

 

[HKEY_CLASSES_ROOT\clsid\{5ec1b3d3-5799-460d-ab49-9079669a5d3f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programfiler\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

"{5EC1B3D3-5799-460D-AB49-9079669A5D3F}"= "c:\programfiler\softmanoc\tbsof1.dll" [2010-02-15 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

 

[HKEY_CLASSES_ROOT\clsid\{5ec1b3d3-5799-460d-ab49-9079669a5d3f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\programfiler\Skype\Phone\Skype.exe" [2009-10-09 25623336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 66928]

"TpShocks"="TpShocks.exe" [2007-11-22 181536]

"Apoint"="c:\programfiler\Apoint2K\Apoint.exe" [2007-08-20 172032]

"PSQLLauncher"="c:\programfiler\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-10 294912]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-10 208896]

"TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]

"Windows Defender"="c:\programfiler\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 144728]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]

"V0270Mon.exe"="c:\windows\V0270Mon.exe" [2006-09-26 32768]

"SweetIM"="c:\programfiler\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-09-07 148888]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

 

c:\documents and settings\eliven.UNETT\Start-meny\Programmer\Oppstart\

OpenOffice.org 3.1.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

McAfee Security Scan.lnk - c:\programfiler\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-18 14:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-08-14 13:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 14:37 34344 ----a-w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2007-12-14 14:36 28672 ----a-w- c:\programfiler\Lenovo\HOTKEY\tphklock.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-112152\Scripts\Logon\0\0]

"Script"=Sym2Server.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-267751\Scripts\Logon\0\0]

"Script"=Sym2Server.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-318927\Scripts\Logon\0\0]

"Script"=Sym2Server.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-318927\Scripts\Logon\1\0]

"Script"=\\H-AVS-SR-1\Scripts\Map_Printers.vbs

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programfiler\\AVG\\AVG9\\avgupd.exe"=

"c:\\Programfiler\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.12.2009 19:47 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.12.2009 19:47 242896]

R2 avg9wd;AVG Free WatchDog;c:\programfiler\AVG\AVG9\avgwdsvc.exe [18.03.2010 16:38 308064]

R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.08.2007 15:46 10896]

R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.08.2009 22:48 102448]

S2 gupdate1ca7142300344c2;Googles oppdateringstjeneste (gupdate1ca7142300344c2);c:\programfiler\Google\Update\GoogleUpdate.exe [30.11.2009 00:20 133104]

S3 VF0270Dev;Live! Cam Optia;c:\windows\system32\drivers\V0270Dev.sys [09.01.2009 21:19 225632]

S3 VF0270Vfx;VF0270 Video FX;c:\windows\system32\drivers\V0270Vfx.sys [09.01.2009 21:19 6912]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - uphcleanhlp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-11-29 22:20]

 

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2009-11-29 22:20]

 

2010-04-24 c:\windows\Tasks\MP Scheduled Scan.job

- c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

 

2010-04-21 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

 

2010-04-24 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

 

2010-04-24 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-22 23:30]

.

.

------- Tilleggsskanning -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://avs.hfk.no

mStart Page = hxxp://www.shareware-no.com/no/index.php?rvs=hompag

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

FF - ProfilePath - c:\documents and settings\eliven.UNETT\Programdata\Mozilla\Firefox\Profiles\2hcvzv63.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\programfiler\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programfiler\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\programfiler\Real\Netscape6\nppl3260.dll

FF - plugin: c:\programfiler\Real\Netscape6\nprjplug.dll

FF - plugin: c:\programfiler\Real\Netscape6\nprpjplug.dll

FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-msnmsgr - ~c:\programfiler\Windows Live\Messenger\msnmsgr.exe

HKCU-Run-poll title - c:\docume~1\ELIVEN~1.UNE\PROGRA~1\ARMYWI~1\Dent aim.exe

Notify-NavLogon - (no file)

 

 

 

**************************************************************************

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = ~"c:\programfiler\Windows Live\Messenger\msnmsgr.exe" /background?

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer:

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1168)

c:\windows\system32\psqlpwd.dll

c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll

c:\programfiler\ThinkVantage Fingerprint Software\infra.dll

c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll

c:\programfiler\ThinkVantage Fingerprint Software\bio.dll

c:\programfiler\ThinkVantage Fingerprint Software\remote.dll

c:\programfiler\Lenovo\HOTKEY\tphklock.dll

 

- - - - - - - > 'lsass.exe'(1248)

c:\windows\system32\psqlpwd.dll

c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll

c:\programfiler\ThinkVantage Fingerprint Software\infra.dll

.

Tidspunkt ferdig: 2010-04-24 13:07:37

ComboFix-quarantined-files.txt 2010-04-24 11:07

 

Pre-Run: 67 840 716 800 byte ledig

Post-Run: 67 802 218 496 byte ledig

 

- - End Of File - - 285E6A2BBEAB924757A45BB9AFBD9C90

 

 

Edited by LunaticFanatic